diff options
| author | Andrew Laski <andrew@lascii.com> | 2016-05-09 15:06:00 -0400 |
|---|---|---|
| committer | Andrew Laski <andrew@lascii.com> | 2016-06-06 10:12:04 -0400 |
| commit | 474c120ae6de61c1f46523baa0fef11b5e537cf8 (patch) | |
| tree | b01f57671ea34540f37717781c4cf139428a1e5b /doc | |
| parent | ea29939194663d6d1028a242cc880002bdfc8ace (diff) | |
| download | oslo-policy-474c120ae6de61c1f46523baa0fef11b5e537cf8.tar.gz | |
Add sample file generation script and helper methods1.9.0
This adds a console script to oslo.policy that will output a sample
policy file in yaml format. It works by looking at the configured
namespace(s) under an 'oslo.policy.policies' entry point. A method, or
methods, should be provided which return a list of
oslo_policy.policy.RuleDefault objects.
To use this script add an entry to setup.cfg in a project with something
like:
oslo.policy.policies =
nova.api = nova.api.opts:list_policies
list_policies should be a method which returns a list of
oslo_policy.policy.RuleDefault objects.
Then run it like:
oslopolicy-sample-generator --namespace nova.api
--output-file can also be specified, or those options can be configured
in a file which can be specified with --config-file.
Change-Id: If25d48313b91a6610119220e13f635c6e28b2a59
Partially-Implements: bp policy-sample-generation
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/usage.rst | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/doc/source/usage.rst b/doc/source/usage.rst index a7ad3ed..2b5d95f 100644 --- a/doc/source/usage.rst +++ b/doc/source/usage.rst @@ -53,6 +53,8 @@ benefits. Enforcer.enforce. * More will be documented as capabilities are added. +* A sample policy file can be generated based on the registered policies + rather than needing to manually maintain one. How to register --------------- @@ -74,3 +76,33 @@ How to register enforcer.register_default(policy.RuleDefault('identity:create_region', 'rule:admin_required', description='helpful text')) + +Sample file generation +---------------------- + +In setup.cfg of a project using oslo.policy:: + + [entry_points] + oslo.policy.policies = + nova.api = nova.api.opts:list_policies + nova.compute.api = nova.compute.api.opts:list_policies + +where list_policies is a method that returns a list of policy.RuleDefault +objects. + +Run the oslopolicy-sample-generator script with some configuration options:: + + oslopolicy-sample-generator --namespace nova.api --namespace nova.compute.api --output-file policy-sample.yaml + +or:: + + oslopolicy-sample-generator --config-file policy-generator.conf + +where policy-generator.conf looks like:: + + [DEFAULT] + output_file = policy-sample.yaml + namespace = nova.api + namespace = nova.compute.api + +If output_file is ommitted the sample file will be sent to stdout. |